-
/area documentation
**What would you like to be added**:
Expand and improve https://falco.org/docs/reference/rules/supported-fields/:
We could add full schemas for each syscall that are…
-
**Motivation**
- `fd.name`: if the `fd.type` represents a file or directory, the `fd.name` field contains the full path. If the path is not already an absolute path, a custom traversal parser can b…
-
**Describe the bug**
When I check the logs of the daemonset, I see giving up on read more than 100 MB of data for k8s_replicaset_handler_state while setting metadata_download.max_mb is set to 200 in confi…
-
Hello Team, received the following error while deploying the collector in openshift 4.9. Initially thought this is a permission issue and added the required SCC to collector's service account, but sti…
-
Dear Support,
sinsp-example reports two events for a curl command on x86_64, but only one on ppc64le. libs version is master. It's causing failing tests in a package we are trying to port to ppc64le…
-
**Describe the bug**
_Falco_ didn't capture event(s) in a _container_ running as a _CronJob_.
**How to reproduce it**
Create a _shell script_ similar to `test.sh`:
```bash
#!/bin/bash
se…
-
**Description**
In the tech stack of Falco and its libraries, the whole architecture is event-driven and mostly functionally stateless, with the only exception being libsinsp. Among the many respon…
-
Falco enforces upper limits on variable length strings for kernel signals such as cmd args, process environment variables or file names and paths. The primary motivation is to ensure stability in term…
-
**Motivation**
Support bitmap to access non-init namespaces threads via filterchecks.
The concept of pid namespaces etc extends beyond the concept of containers in libsinsp. Adding these new capab…
-
I am building sysdig v0.30.1 from source on Ubuntu 20.04/10.04 x86_64.
Tried to enable Tests through cmake as
`cmake -DCREATE_TEST_TARGETS=ON -DSYSDIG_VERSION=0.30.0 ..`
However build fails (make) …